The current best solution is (1) you posting your pubkey elsewhere, like your twitter so other can verify, and (2) a NIP05 identifier. But there’s problems with both. Posting elsewhere requires users to be able to access “elsewhere” to confirm. NIP05 becomes kind of useless when anyone can go onto a NIP05 service and create a NIP05 with that domain (I can go on alby and get anita1@getalby.com and impersonate you). Best scenario is being able to use your own personal domain as your NIP05 identifier since people will know it’s your domain so only you can choose who gets an identifier there. But that’s also a taxing process for non tech savvy people and not scalable imo.